WordPress Vulnerability Update via @martinibuster - Website Pro USA

WordPress Vulnerability Update via @martinibuster


WordPress announced an update that includes seventeen bug fixes and patches seven vulnerabilities. WordPress is automatically updating sites to WordPress 5.4.1.

It is important to check that your WordPress installation has been updated to WordPress 5.4.1.

Cross-site Scripting Vulnerabilities

WordPress patched its software to address multiple cross-site scripting (XSS) vulnerabilities. There are two kinds, XSS and Authenticated XSS.


A cross-site scripting (XSS) vulnerability allows an attacker to inject a malicious script on a vulnerable web page.

An authenticated cross-site scripting (Authenticated XSS) vulnerability is the same vulnerability, only this one happens when a user is logged in. The user can be anyone ranging from a site member all the way up to the administrator level.

XSS vulnerabilities can be used to attack site visitors as well as to alter a WordPress web page. These kinds of vulnerabilities can be used as the first wave of attack that can unlock and clear the way for more serious attacks.

For that reason it’s important to stay on top of XSS vulnerabilities and keep your WordPress installation patched to the very latest version.


The software update was not limited to fixing XSS vulnerabilities. There were other kinds of vulnerabilities as well.

Screenshot of the official WordPress 5.4.1 security update announcement

Not All Sites Automatically Updated

WordPress announced that WordPress installations from WordPress 3.7 and up have been automatically updated. That means WordPress installations lower than 3.7 were not automatically updated.

The official WordPress announcement implies that versions less than 3.7 remain vulnerable, since this vulnerability affects all WordPress versions under 5.4.

It is prudent to update any older WordPress installations to the very latest in order to avoid any previous WordPress vulnerabilities.
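The version check recommended above can be scripted across many installs. The following is an added example, not code from WordPress or from the original article: it reads the $wp_version assignment in each install's wp-includes/version.php and sorts installs into the three cases the article describes. The status labels and function names are assumptions made for this illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (5, 4, 1)            # release the article says to be on
AUTO_UPDATE_MIN = (3, 7, 0)  # oldest version the article says was auto-updated

# WordPress core records its version in wp-includes/version.php as $wp_version.
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def parse_wp_version(php_source):
    """Return $wp_version from version.php text as a 3-part tuple of ints."""
    m = VERSION_RE.search(php_source)
    if not m:
        raise ValueError("no $wp_version assignment found")
    # Use the leading numeric part only, e.g. '5.5-alpha-47000' -> 5.5
    numeric = re.match(r"\d+(?:\.\d+)*", m.group(1))
    if not numeric:
        raise ValueError("unparseable version: %r" % m.group(1))
    parts = [int(p) for p in numeric.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(version):
    """Map a version tuple onto the three cases the article describes."""
    if version >= FIXED:
        return "patched"
    if version < AUTO_UPDATE_MIN:
        return "manual-update-required"   # below 3.7: no automatic update
    return "verify-auto-update"           # 3.7+ but not yet at 5.4.1


def audit(root):
    """Classify every WordPress install found under a directory tree."""
    report = {}
    for vfile in sorted(Path(root).rglob("wp-includes/version.php")):
        site = str(vfile.parent.parent)
        try:
            report[site] = classify(parse_wp_version(vfile.read_text(errors="replace")))
        except ValueError:
            report[site] = "unknown"
    return report


if __name__ == "__main__":
    for site, status in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(status, site)
```

Run it with the directory that holds your sites as the only argument; any install not reported as "patched" needs attention.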


According to the official WordPress announcement:

“This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately.”

Bug Fixes

There were 17 bug fixes in this release. Typical bugs that were fixed were broken media file uploads affecting certain browsers and fixing conflicts with some plugins, among many other bugs.

Read the official WordPress announcement here:

WordPress 5.4.1
